Finally, a way to block those pesky WordPress DoS attacks on cPanel A very common DOS attack on a cPanel server is against the WordPress API scripts, chiefly xmlrpc.php and wp-login.php. If you have been subjected to this kind of attack in the past, and have attempted to prevent reoccurrence, you will likely know that the oft-quoted .htaccess solutions, such as: <Files xmlrpc.php> order deny,allow deny from all </Files> Have limited success in mitigating this kind of attack.